Age | Commit message | Author |
|
This fixes builds on platforms that don't have it (at least old DragonFly,
probably others).
|
|
|
|
OpenBSD-Regress-ID: b52d36bc3ab6dc158c1e59a9a4735f821cf9e1fd
|
|
private keys, enabled via "ssh-keygen -m PKCS8" on operations that save
private keys to disk.
The OpenSSH native key format remains the default, but PKCS8 is a
superior format to PEM if interoperability with non-OpenSSH software
is required, as it may use a less terrible KDF (IIRC PEM uses a single
round of MD5 as a KDF).
adapted from patch by Jakub Jelen via bz3013; ok markus
OpenBSD-Commit-ID: 027824e3bc0b1c243dc5188504526d73a55accb1
|
|
string operations: sshbuf_cmp() (bcmp-like) and sshbuf_find() (memmem like)
feedback and ok markus@
OpenBSD-Commit-ID: fd071ec2485c7198074a168ff363a0d6052a706a
|
|
|
|
|
|
functions. ok markus@
OpenBSD-Regress-ID: 034c4284b1da6b12e25c762a6b958efacdafbaef
|
|
operations inside buffers with bounds checking. Intended to replace manual
pointer arithmetic wherever possible.
feedback and ok markus@
OpenBSD-Commit-ID: 91771fde7732738f1ffed078aa5d3bee6d198409
|
|
allows ssh-keyscan to harvest keys from servers that disable olde SHA1
ssh-rsa. bz#3029 from Jakub Jelen
OpenBSD-Commit-ID: 9f95ebf76a150c2f727ca4780fb2599d50bbab7a
|
|
requested for resumed download but was considered already complete.
bz#2978 ok dtucker
OpenBSD-Commit-ID: f32084b26a662f16215ee4ca4a403d67e49ab986
|
|
closest end of a word just like <esc><left> moves left to the closest
beginning of a word.
ok djm
OpenBSD-Commit-ID: 6afe01b05ed52d8b12eb1fda6e9af5afb5e198ee
|
|
Reported by hexiaowen AT huawei.com
|
|
willing to parse on a single authorized_keys line; ok deraadt@
OpenBSD-Commit-ID: a43a752c2555d26aa3fc754805a476f6e3e30f46
|
|
Fixes build on some other platforms that don't have va_list immediately
available (eg NetBSD).
|
|
Should fix some compiler warnings on IRIX (bz#3032).
|
|
|
|
We shipped a BSD implementation of realpath() because sftp-server
depended on its behaviour.
OpenBSD is now moving to a more strictly POSIX-compliant realpath(2),
so sftp-server now unconditionally requires its own BSD-style realpath
implementation. As such, there is no need to carry another independent
implementation in openbsd-compat.
ok dtucker@
|
|
OpenBSD-Commit-ID: 824baf9c59afc66a4637017e397b9b74a41684e7
|
|
OpenBSD-Commit-ID: 5ea3d63ab972691f43e9087ab5fd8376d48e898f
|
|
OpenBSD-Commit-ID: 3919cdd58989786660b8269b325646ef8856428e
|
|
sftp-server use ahead of OpenBSD's realpath changing to match POSIX;
ok deraadt@ (thanks for snaps testing)
OpenBSD-Commit-ID: 4f8cbf7ed8679f6237264301d104ecec64885d55
|
|
|
|
UID and GID types vary by platform so cast to u_long and use %lu when
printing them to prevent warnings.
|
|
|
|
When configured --with-prngd-socket the code had a missing bracket after
an API change. Fix that and a couple of warnings. bz#3032 , from
ole.weidner at protonmail.ch
|
|
OpenBSD-Regress-ID: 405beda94e32aa6cc9c80969152fab91f7c54bd3
|
|
A recent regress change (2a9b3a2ce411d16cda9c79ab713c55f65b0ec257 in
portable) broke the PuTTY and Twisted Conch interop tests, because the
key they want to use is now called ssh-rsa rather than rsa. Adapt the
tests to the new file names. bz#3020, patch from cjwatson at debian.org.
OpenBSD-Regress-ID: fd342a37db4d55aa4ec85316f73082c8eb96e64e
|
|
Currently when the multiplex client requests a forward it returns
once the request has been sent but not necessarily when the forward
is up. This causes intermittent text failures due to this race,
so add some sleeps to mitigate this until we can fix it properly.
OpenBSD-Regress-ID: 384c7d209d2443d25ea941d7f677e932621fb253
|
|
|
|
Some platforms (eg AIX and Cygwin) do not have a "tty" group. In those
cases we will fall back to making the tty device the user's primary
group, so do not fatal if the group lookup fails. ok djm@
|
|
OpenBSD-Commit-ID: d148c1c052fa0ed7d105b5428b5c1bab91630048
|
|
OpenBSD-Commit-ID: 668e8d022ed4ab847747214f64119e5865365fa1
|
|
OpenBSD-Commit-ID: a261c421140a0639bb2b66bbceca72bf8239749d
|
|
some arbitrary value < 0. errno is only updated in this case. Change all
(most?) callers of syscalls to follow this better, and let's see if this
strictness helps us in the future.
OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
|
|
upon error the (very sloppy specification) leaves an undefined value in *ret,
so it is wrong to inspect it, the error condition is enough. discussed a
little with nicm, and then much more with millert until we were exasperated
OpenBSD-Commit-ID: 29258fa51edf8115d244b9d4b84028487bf8923e
|
|
OpenBSD-Commit-ID: 702e765d1639b732370d8f003bb84a1c71c4d0c6
|
|
precise == -1. ok millert nicm tb, etc
OpenBSD-Commit-ID: caecf8f57938685c04f125515b9f2806ad408d53
|
|
or path added in last commit; spotted by Reynir Björnsson
ok deraadt@ markus@ tb@
OpenBSD-Commit-ID: b11b084bcc551b2c630560eb08618dd501027bbd
|
|
Readme regress document is missing various individual tests,
which are supported currently. Update README to
include those test cases.
|
|
n error path. From Erik Sjölund via github, ok djm@ deraadt@
OpenBSD-Commit-ID: 62a4893cf83b29a4bbfedc40e7067c25c203e632
|
|
via oss-fuzz
OpenBSD-Commit-ID: 1ea0ba05ded2c5557507bd844cd446e5c8b5b3b7
|
|
OpenBSD-Regress-ID: 298890bc52f0cd09dba76dc1022fabe89bc0ded6
|
|
speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer
and Rambleed. This change encrypts private keys when they are not in use with
a symmetric key that is derived from a relatively large "prekey" consisting of
random data (currently 16KB).
Attackers must recover the entire prekey with high accuracy before
they can attempt to decrypt the shielded private key, but the current
generation of attacks have bit error rates that, when applied
cumulatively to the entire prekey, make this unlikely.
Implementation-wise, keys are encrypted "shielded" when loaded and then
automatically and transparently unshielded when used for signatures or
when being saved/serialised.
Hopefully we can remove this in a few years time when computer
architecture has become less unsafe.
been in snaps for a bit already; thanks deraadt@
ok dtucker@ deraadt@
OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4
|
|
an uninitialised variable; spotted by dtucker@
OpenBSD-Commit-ID: 02802018784250f68202f01c8561de82e17b0638
|
|
optional, not local-path - sync help
from deraadt:
- prefer -R and undocument -r (but add a comment for future editors)
from schwarze:
- prefer -p and undocument -P (as above. the comment was schwarze's too)
more:
- add the -f flag to reput and reget
- sort help (i can't remember who suggested this originally)
djm and deraadt were ok with earlier versions of this;
tim and schwarze ok
OpenBSD-Commit-ID: 3c699b53b46111f5c57eed4533f132e7e58bacdd
|
|
resolve to LONG_MAX Reported by Kirk Wolf bz2977; ok dtucker
OpenBSD-Regress-ID: 15c9fe87be1ec241d24707006a31123d3a3117e0
|
|
OpenBSD-Regress-ID: 69d5b6f278e04ed32377046f7692c714c2d07a68
|
|
OpenBSD-Regress-ID: d4c34916fe20d717692f10ef50b5ae5a271c12c7
|
|
Patch from mforney at mforney.org.
|